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Amendments to the Claims: 

This Listing of Claims will replace all prior versions and listings of claims in 
the application: 

Listing of Claims: 

1, (original) An access control system comprising: 

a memory which stores necessary information for various processes; 

a processor for input/output to a file stored in a storage medium; 

a policy file in said memory in which access control policy for said file is 

described; 

an access controller which determines the validity of a request for access to 
said file according to said access control policy; 

a monitoring processor which monitors issuance of a file access request made 
by means of said input/output processor, notifies said access controller of an issued file 
access request and receives the result of validity determination fi-om said access controller; 
and 

an exclusive controller which protects said memory's storage regions in use by 
said input/output controller, access controller and monitoring processor and shields said 
policy file fi-om an access execution processor other than said input/output controller, access 
controller and monitoring processor, wherein: 

said policy file contains information as an access control policy to identify the 
access request source, access execution processor and access type for the file to be accessed; 
and 

said monitoring processor uses information to identify the access request 
source, access execution processor and access type to notify said access controller of said 
issued file access request. 

2. (currently amended) The access control system as defined in claim 1, 
wherein said access control policy comprises information on an access type prohibited for 
access to said file, an error code which is returned to th e acc e ss request sourc e if said 
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prohibited type of acccoo occurD, and information to identify the access execution processor 
and access request source which are authorized by exception to access the file. 

3. (original) The access control system as defined in claim 2, wherein the 
access execution processor described in said access control policy is a program and is 
identified by a combination of the program's pathname and feature value. 

4. (original) The access control system as defined in claim 3, said system 
having an access log file which registers the content of a file access request, wherein 

said access controller checks said file access request against the description of 
said policy file and transmits the result of said validity determination to said monitoring 
processor; and 

if said access request is authorized, transmits the feature value of said access 
execution processor to said monitoring processor; or 

if said access request is contrary to said access control policy, registers the 
content of said file access request in said access log file. 

5. (original) The access control system as defined in claim 4, wherein the 
system also incorporates an open file table as well as a processor that, if the access type of a 
valid file access request is an open access, registers, in said open file table, the access type, 
the file to be accessed and the access request source, and information to identify the access 
execution processor, which are obtained as response information from said access controller; 
and a processor that, if said access request is a read or write request, searches said open file 
table and determines the validity of said access request. 

6. (original) The access control system as defined in claim 5, wherein said 
monitoring processor also has a processor that, upon detecting a read or write access request 
not registered in said open file table, registers the content of said access request in said access 
log file through said access controller. 
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7. (original) The access control system as defined in claim 6, wherein said 
monitoring processor also has a processor that, upon detecting a file close request, deletes the 
corresponding information fi*om said open file table. 

8. (original) The access control system as defined in claim 4, wherein said 
access controller performs said check of the access request attribute information against the 
description in the policy file if the access type of said file access request is an open access 
and the attribute information for the file access request includes information on read access or 
write access. 

9. (original) The access control system as defined in claim 8, wherein said 
monitoring processor also has a processor that, if said file access request is valid, calculates 
the feature value for said access execution processor and compares it with the feature value 
received from said access controller; and 

a processor that, if the values are the same, authorizes said access request; and 
a processor that, if the values are not the same, invalidates said file access 

request and registers the content of the file access in said access log file through said access 

controller. 

Claims 10-19 (canceled). 

20. (original) A program product comprising programs which are loaded and 
executed in an information processing unit provided with a processor for input/output to files 
and a memory for storing said files and constitute an access control system on said 
information processing unit, and files which are used by said programs, the product having 
the following: 

a policy file in which an access control policy is described; an access control 
program, a monitoring program; and a computer-readable medium to embody said programs; 
wherein said access control policy contains information to identify the access request source, 
access execution processor and access type for the file to be accessed; and said access control 
program has codes to enable said information processing unit to determine the validity of the 
file access request according to said access control policy; and 
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said monitoring program has codes to enable said information processing unit 
to monitor issuance of a file access request made by means of said input/output processor as 
well as codes to enable said information processing unit to notify said access control program 
of the issued file access request using the information to identify the access request source, 
access execution processor and access type. 

21. (new) The access control system as defined in claim 2, wherein said 
access control policy further comprises an error code which is retumed to the access request 
source if said prohibited type of access occurs. 
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